Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/liborcus-0.16.1/src/orcus_filter_global.hpp
Examining data/liborcus-0.16.1/src/cli_global.cpp
Examining data/liborcus-0.16.1/src/orcus_ods_styles.cpp
Examining data/liborcus-0.16.1/src/orcus_xlsx_main.cpp
Examining data/liborcus-0.16.1/src/orcus_test_xml.cpp
Examining data/liborcus-0.16.1/src/orcus_test_xml_mapped.cpp
Examining data/liborcus-0.16.1/src/orcus_zip_dump.cpp
Examining data/liborcus-0.16.1/src/orcus_gnumeric_main.cpp
Examining data/liborcus-0.16.1/src/orcus_test_global.cpp
Examining data/liborcus-0.16.1/src/orcus_ods_main.cpp
Examining data/liborcus-0.16.1/src/orcus_env_dump.cpp
Examining data/liborcus-0.16.1/src/orcus_test_xlsx.cpp
Examining data/liborcus-0.16.1/src/include/numeric_parser.hpp
Examining data/liborcus-0.16.1/src/include/cpu_features.hpp
Examining data/liborcus-0.16.1/src/include/test_global.hpp
Examining data/liborcus-0.16.1/src/orcus_test_xls_xml.cpp
Examining data/liborcus-0.16.1/src/orcus_test_global.hpp
Examining data/liborcus-0.16.1/src/orcus_test_json_mapped.cpp
Examining data/liborcus-0.16.1/src/orcus_xml_main.cpp
Examining data/liborcus-0.16.1/src/python/sheet_rows.cpp
Examining data/liborcus-0.16.1/src/python/sheet.cpp
Examining data/liborcus-0.16.1/src/python/python.cpp
Examining data/liborcus-0.16.1/src/python/formula_token.hpp
Examining data/liborcus-0.16.1/src/python/root.cpp
Examining data/liborcus-0.16.1/src/python/named_expressions.cpp
Examining data/liborcus-0.16.1/src/python/formula_tokens.cpp
Examining data/liborcus-0.16.1/src/python/named_expression.cpp
Examining data/liborcus-0.16.1/src/python/formula_token.cpp
Examining data/liborcus-0.16.1/src/python/named_expression.hpp
Examining data/liborcus-0.16.1/src/python/global.cpp
Examining data/liborcus-0.16.1/src/python/ods.hpp
Examining data/liborcus-0.16.1/src/python/document.hpp
Examining data/liborcus-0.16.1/src/python/gnumeric.hpp
Examining data/liborcus-0.16.1/src/python/document.cpp
Examining data/liborcus-0.16.1/src/python/ods.cpp
Examining data/liborcus-0.16.1/src/python/xlsx.cpp
Examining data/liborcus-0.16.1/src/python/formula_tokens.hpp
Examining data/liborcus-0.16.1/src/python/sheet_rows.hpp
Examining data/liborcus-0.16.1/src/python/memory.hpp
Examining data/liborcus-0.16.1/src/python/root.hpp
Examining data/liborcus-0.16.1/src/python/sheet.hpp
Examining data/liborcus-0.16.1/src/python/cell.cpp
Examining data/liborcus-0.16.1/src/python/csv.hpp
Examining data/liborcus-0.16.1/src/python/memory.cpp
Examining data/liborcus-0.16.1/src/python/xls_xml.cpp
Examining data/liborcus-0.16.1/src/python/xls_xml.hpp
Examining data/liborcus-0.16.1/src/python/xlsx.hpp
Examining data/liborcus-0.16.1/src/python/gnumeric.cpp
Examining data/liborcus-0.16.1/src/python/csv.cpp
Examining data/liborcus-0.16.1/src/python/global.hpp
Examining data/liborcus-0.16.1/src/python/named_expressions.hpp
Examining data/liborcus-0.16.1/src/python/json.cpp
Examining data/liborcus-0.16.1/src/python/cell.hpp
Examining data/liborcus-0.16.1/src/orcus_json_cli.hpp
Examining data/liborcus-0.16.1/src/odf_styles_context_test.cpp
Examining data/liborcus-0.16.1/src/orcus_json_cli.cpp
Examining data/liborcus-0.16.1/src/orcus_test_csv.cpp
Examining data/liborcus-0.16.1/src/orcus_yaml_main.cpp
Examining data/liborcus-0.16.1/src/orcus_mso_encryption.cpp
Examining data/liborcus-0.16.1/src/orcus_xls_xml_main.cpp
Examining data/liborcus-0.16.1/src/orcus_detect_main.cpp
Examining data/liborcus-0.16.1/src/orcus_test_gnumeric.cpp
Examining data/liborcus-0.16.1/src/orcus_filter_global.cpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_ods.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_pivot_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_drawing_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xlsx.cpp
Examining data/liborcus-0.16.1/src/liborcus/ods_session_data.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_workbook_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_namespace_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/odf_helper_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_pivot_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_structure_mapper.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_namespace_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_styles.cpp
Examining data/liborcus-0.16.1/src/liborcus/opc_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_structure_mapper.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_stream_parser.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_tokens.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_structure_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_sheet_context_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_iface_util.hpp
Examining data/liborcus-0.16.1/src/liborcus/odf_styles.hpp
Examining data/liborcus-0.16.1/src/liborcus/json_map_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_table_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xpath_parser.cpp
Examining data/liborcus-0.16.1/src/liborcus/session_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_map_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/formula_result.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_structure_mapper.cpp
Examining data/liborcus-0.16.1/src/liborcus/xpath_parser_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_workbook_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_tokens.cpp
Examining data/liborcus-0.16.1/src/liborcus/yaml_document_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_simple_stream_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/json_util.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_helper.hpp
Examining data/liborcus-0.16.1/src/liborcus/odf_number_formatting_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_tokens.hpp
Examining data/liborcus-0.16.1/src/liborcus/opc_reader.cpp
Examining data/liborcus-0.16.1/src/liborcus/mock_spreadsheet.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xml_impl.hpp
Examining data/liborcus-0.16.1/src/liborcus/css_selector.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_session_data.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_simple_stream_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/detection_result.cpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_csv.cpp
Examining data/liborcus-0.16.1/src/liborcus/ods_dde_links_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_token_constants.hpp
Examining data/liborcus-0.16.1/src/liborcus/ods_content_xml_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xml.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_conditional_format_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_detection_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/global.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_tokens.hpp
Examining data/liborcus-0.16.1/src/liborcus/yaml_document_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_structure_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/ods_content_xml_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/opc_token_constants.hpp
Examining data/liborcus-0.16.1/src/liborcus/string_helper.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/measurement.cpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/opc_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_impl_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_revision_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_schemas.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_namespace_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_json.cpp
Examining data/liborcus-0.16.1/src/liborcus/session_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_table_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_helper.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_token_constants.hpp
Examining data/liborcus-0.16.1/src/liborcus/opc_reader.hpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_interface.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_detection_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/css_document_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_context_global.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_sheet_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/json_document_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_import_xlsx.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_context_base.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_sheet_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_conditional_format_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_helper.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_map_tree.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_namespace_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_helper.hpp
Examining data/liborcus-0.16.1/src/liborcus/mock_spreadsheet.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/detection_result.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_token_constants.hpp
Examining data/liborcus-0.16.1/src/liborcus/ods_content_xml_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/css_document_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xml_impl.cpp
Examining data/liborcus-0.16.1/src/liborcus/interface.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_token_constants.hpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_para_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_schemas.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_helper_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_number_formatting_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/ods_content_xml_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xls_xml.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_util.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_styles_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_structure_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_drawing_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_global.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_xml_map_def.cpp
Examining data/liborcus-0.16.1/src/liborcus/common_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_namespace_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/string_helper.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_tokens.hpp
Examining data/liborcus-0.16.1/src/liborcus/odf_tokens.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/odf_para_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_content_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_namespace_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/dom_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_autofilter_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_iface_util.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_structure_mapper.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_map_tree.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_structure_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_context_global.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_document_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_revision_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xpath_parser.hpp
Examining data/liborcus-0.16.1/src/liborcus/xml_stream_parser.hpp
Examining data/liborcus-0.16.1/src/liborcus/config.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_helper.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_session_data.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_autofilter_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_global.cpp
Examining data/liborcus-0.16.1/src/liborcus/format_detection_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/ooxml_content_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_detection_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_import_ods.cpp
Examining data/liborcus-0.16.1/src/liborcus/ods_dde_links_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_map_tree.cpp
Examining data/liborcus-0.16.1/src/liborcus/spreadsheet_impl_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_detection_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/json_map_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/xlsx_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_helper.cpp
Examining data/liborcus-0.16.1/src/liborcus/dom_tree_test.cpp
Examining data/liborcus-0.16.1/src/liborcus/info.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_context_base.cpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_tokens.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_namespace_types.cpp
Examining data/liborcus-0.16.1/src/liborcus/odf_styles_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/orcus_gnumeric.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_stream_handler.cpp
Examining data/liborcus-0.16.1/src/liborcus/format_detection.cpp
Examining data/liborcus-0.16.1/src/liborcus/xml_stream_handler.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_namespace_types.hpp
Examining data/liborcus-0.16.1/src/liborcus/xls_xml_tokens.hpp
Examining data/liborcus-0.16.1/src/liborcus/ods_session_data.hpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_context.cpp
Examining data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.hpp
Examining data/liborcus-0.16.1/src/liborcus/formula_result.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_table.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/csv_dumper.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/flat_dumper.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_styles.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/sheet.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/view.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/auto_filter.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/formula_global.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/number_format.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_pivot.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/html_dumper.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/json_dumper.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_table.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/csv_dumper.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/dumper_global.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/shared_formula.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/global_settings.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/flat_dumper.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_sheet.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/html_dumper.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/global_settings.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/document.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_sheet.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/sheet_range.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/styles.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/pivot.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/formula_global.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/dumper_global.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/config.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/factory_pivot.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/shared_formula.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/impl_types.hpp
Examining data/liborcus-0.16.1/src/spreadsheet/number_format.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/json_dumper.cpp
Examining data/liborcus-0.16.1/src/spreadsheet/shared_strings.cpp
Examining data/liborcus-0.16.1/src/mso/encryption_info.cpp
Examining data/liborcus-0.16.1/src/cli_global.hpp
Examining data/liborcus-0.16.1/src/orcus_csv_main.cpp
Examining data/liborcus-0.16.1/src/orcus_css_dump.cpp
Examining data/liborcus-0.16.1/src/orcus_test_ods.cpp
Examining data/liborcus-0.16.1/src/parser/string_pool_test.cpp
Examining data/liborcus-0.16.1/src/parser/base64.cpp
Examining data/liborcus-0.16.1/src/parser/xml_writer.cpp
Examining data/liborcus-0.16.1/src/parser/csv_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/string_pool.cpp
Examining data/liborcus-0.16.1/src/parser/tokens.cpp
Examining data/liborcus-0.16.1/src/parser/sax_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/css_types.cpp
Examining data/liborcus-0.16.1/src/parser/win_stdint.h
Examining data/liborcus-0.16.1/src/parser/csv_parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/sax_parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/xml_writer_test.cpp
Examining data/liborcus-0.16.1/src/parser/sax_ns_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/parser_global.cpp
Examining data/liborcus-0.16.1/src/parser/stream.cpp
Examining data/liborcus-0.16.1/src/parser/parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/xml_namespace.cpp
Examining data/liborcus-0.16.1/src/parser/parser_test_json_validation.cpp
Examining data/liborcus-0.16.1/src/parser/css_parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/threaded_json_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/zip_archive_stream.cpp
Examining data/liborcus-0.16.1/src/parser/threaded_sax_token_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/zip_archive.cpp
Examining data/liborcus-0.16.1/src/parser/json_parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/xml_namespace_test.cpp
Examining data/liborcus-0.16.1/src/parser/sax_token_parser_thread.cpp
Examining data/liborcus-0.16.1/src/parser/sax_token_parser.cpp
Examining data/liborcus-0.16.1/src/parser/yaml_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/types.cpp
Examining data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/cell_buffer.cpp
Examining data/liborcus-0.16.1/src/parser/json_parser_test.cpp
Examining data/liborcus-0.16.1/src/parser/json_parser_thread.cpp
Examining data/liborcus-0.16.1/src/parser/base64_test.cpp
Examining data/liborcus-0.16.1/src/parser/parser_test_numeric.cpp
Examining data/liborcus-0.16.1/src/parser/json_global.cpp
Examining data/liborcus-0.16.1/src/parser/zip_archive_test.cpp
Examining data/liborcus-0.16.1/src/parser/pstring.cpp
Examining data/liborcus-0.16.1/src/parser/parser_global_test.cpp
Examining data/liborcus-0.16.1/src/parser/yaml_parser_base.cpp
Examining data/liborcus-0.16.1/src/parser/parser_base_test.cpp
Examining data/liborcus-0.16.1/src/parser/stream_test.cpp
Examining data/liborcus-0.16.1/src/parser/exception.cpp
Examining data/liborcus-0.16.1/src/parser/css_parser_test.cpp
Examining data/liborcus-0.16.1/src/orcus_json_cli_map.cpp
Examining data/liborcus-0.16.1/doc_example/json_doc_2.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_1_num_and_formula.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_2_sheets_with_string_pool.cpp
Examining data/liborcus-0.16.1/doc_example/json_parser_1.cpp
Examining data/liborcus-0.16.1/doc_example/json_doc_1.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_2.cpp
Examining data/liborcus-0.16.1/doc_example/xml_mapping_1.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_2_sheets_no_string_pool.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_2_sheets_with_formula.cpp
Examining data/liborcus-0.16.1/doc_example/spreadsheet_doc_1.cpp
Examining data/liborcus-0.16.1/include/orcus/orcus_xls_xml.hpp
Examining data/liborcus-0.16.1/include/orcus/exception.hpp
Examining data/liborcus-0.16.1/include/orcus/yaml_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_json.hpp
Examining data/liborcus-0.16.1/include/orcus/csv_parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/sax_token_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_import_ods.hpp
Examining data/liborcus-0.16.1/include/orcus/string_pool.hpp
Examining data/liborcus-0.16.1/include/orcus/types.hpp
Examining data/liborcus-0.16.1/include/orcus/dom_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/sax_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/json_parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/threaded_sax_token_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/csv_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/json_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/base64.hpp
Examining data/liborcus-0.16.1/include/orcus/measurement.hpp
Examining data/liborcus-0.16.1/include/orcus/env.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_ods.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_xml.hpp
Examining data/liborcus-0.16.1/include/orcus/parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/css_selector.hpp
Examining data/liborcus-0.16.1/include/orcus/sax_parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/xml_namespace.hpp
Examining data/liborcus-0.16.1/include/orcus/yaml_document_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/json_global.hpp
Examining data/liborcus-0.16.1/include/orcus/info.hpp
Examining data/liborcus-0.16.1/include/orcus/sax_ns_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/css_parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/zip_archive.hpp
Examining data/liborcus-0.16.1/include/orcus/css_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/xml_writer.hpp
Examining data/liborcus-0.16.1/include/orcus/pstring.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_xlsx.hpp
Examining data/liborcus-0.16.1/include/orcus/xml_structure_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/tokens.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_csv.hpp
Examining data/liborcus-0.16.1/include/orcus/sax_token_parser_thread.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_import_xlsx.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/import_interface.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/import_interface_view.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/types.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/view.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/export_interface.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/auto_filter.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/document.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/shared_strings.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/styles.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/factory.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/import_interface_pivot.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/sheet.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/view_types.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/pivot.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/sheet_range.hpp
Examining data/liborcus-0.16.1/include/orcus/spreadsheet/config.hpp
Examining data/liborcus-0.16.1/include/orcus/threaded_json_parser.hpp
Examining data/liborcus-0.16.1/include/orcus/json_document_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/mso/encryption_info.hpp
Examining data/liborcus-0.16.1/include/orcus/parser_global.hpp
Examining data/liborcus-0.16.1/include/orcus/css_types.hpp
Examining data/liborcus-0.16.1/include/orcus/json_structure_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/zip_archive_stream.hpp
Examining data/liborcus-0.16.1/include/orcus/json_parser_thread.hpp
Examining data/liborcus-0.16.1/include/orcus/detail/parser_token_buffer.hpp
Examining data/liborcus-0.16.1/include/orcus/detail/thread.hpp
Examining data/liborcus-0.16.1/include/orcus/yaml_parser_base.hpp
Examining data/liborcus-0.16.1/include/orcus/global.hpp
Examining data/liborcus-0.16.1/include/orcus/format_detection.hpp
Examining data/liborcus-0.16.1/include/orcus/orcus_gnumeric.hpp
Examining data/liborcus-0.16.1/include/orcus/interface.hpp
Examining data/liborcus-0.16.1/include/orcus/css_document_tree.hpp
Examining data/liborcus-0.16.1/include/orcus/stream.hpp
Examining data/liborcus-0.16.1/include/orcus/config.hpp
Examining data/liborcus-0.16.1/include/orcus/cell_buffer.hpp
Examining data/liborcus-0.16.1/benchmark/threaded_json_parser.cpp
Examining data/liborcus-0.16.1/benchmark/json_parser.cpp

FINAL RESULTS:

data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:66:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cell_data.row = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:69:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cell_data.col = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:73:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int value_type = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:89:47:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cell_data.shared_formula_id = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:93:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cell_data.array_rows = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_cell_context.cpp:97:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cell_data.array_cols = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:33:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:39:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:45:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:51:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:76:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                double n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:82:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bool b = atoi(attr.value.get()) != 0;
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:88:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bool b = atoi(attr.value.get()) != 0;
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:94:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int n = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:155:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bool b = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:163:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bool b = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:305:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                int val = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:334:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t i = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:346:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                size_t i = atoi(attr.value.get());
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:352:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                bool b = atoi(attr.value.get()) != 0;
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:419:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                spreadsheet::col_t col = atoi(attr.value.get());                
data/liborcus-0.16.1/src/parser/xml_writer.cpp:23:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    bool open;
data/liborcus-0.16.1/src/parser/xml_writer.cpp:25:51:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    _elem(const xml_name_t& _name) : name(_name), open(true) {}
data/liborcus-0.16.1/src/parser/xml_writer.cpp:197:68:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!mp_impl->elem_stack.empty() && mp_impl->elem_stack.back().open)
data/liborcus-0.16.1/src/parser/xml_writer.cpp:269:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (elem.open)
data/liborcus-0.16.1/src/parser/zip_archive.cpp:164:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[4];
data/liborcus-0.16.1/src/parser/zip_archive.cpp:179:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[2];
data/liborcus-0.16.1/src/parser/zip_archive_stream.cpp:26:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    m_stream(fopen(filepath, "rb"))
data/liborcus-0.16.1/src/parser/zip_archive_stream.cpp:109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, m_cur, length);
data/liborcus-0.16.1/doc_example/json_parser_1.cpp:31:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n_test_code = strlen(test_code);
data/liborcus-0.16.1/include/orcus/mso/encryption_info.hpp:27:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    void read(const char* p, size_t n);
data/liborcus-0.16.1/include/orcus/spreadsheet/types.hpp:315:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    equal,
data/liborcus-0.16.1/include/orcus/zip_archive_stream.hpp:25:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    virtual void read(unsigned char* buffer, size_t length) const = 0;
data/liborcus-0.16.1/include/orcus/zip_archive_stream.hpp:44:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    virtual void read(unsigned char* buffer, size_t length) const;
data/liborcus-0.16.1/include/orcus/zip_archive_stream.hpp:64:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    virtual void read(unsigned char* buffer, size_t length) const;
data/liborcus-0.16.1/src/liborcus/common_test.cpp:160:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* p_end = p + strlen(p);
data/liborcus-0.16.1/src/liborcus/common_test.cpp:198:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const char* p_end = p + strlen(p);
data/liborcus-0.16.1/src/liborcus/gnumeric_sheet_context.cpp:250:55:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return spreadsheet::condition_operator_t::equal;
data/liborcus-0.16.1/src/liborcus/json_document_tree_test.cpp:171:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cout << "JSON stream: '" << test << "' (" << strlen(test) << ")" << endl;
data/liborcus-0.16.1/src/liborcus/json_document_tree_test.cpp:175:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            doc.load(test, strlen(test), test_config);
data/liborcus-0.16.1/src/liborcus/json_document_tree_test.cpp:205:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            doc.load(string(invalid_json, strlen(invalid_json)), test_config);
data/liborcus-0.16.1/src/liborcus/orcus_ods.cpp:112:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(mimetype);
data/liborcus-0.16.1/src/liborcus/xlsx_conditional_format_context.cpp:274:87:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
                        m_cond_format.set_operator(spreadsheet::condition_operator_t::equal);
data/liborcus-0.16.1/src/mso/encryption_info.cpp:215:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void encryption_info_reader::read(const char* p, size_t n)
data/liborcus-0.16.1/src/orcus_mso_encryption.cpp:25:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    reader.read(content.data(), content.size());
data/liborcus-0.16.1/src/orcus_test_xls_xml.cpp:90:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (ifs.read(content.data(), n))
data/liborcus-0.16.1/src/parser/base64_test.cpp:22:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(p);
data/liborcus-0.16.1/src/parser/cell_buffer.cpp:38:10:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    std::strncpy(p_dest, p, len);
data/liborcus-0.16.1/src/parser/css_parser_base.cpp:168:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t com_open_len = std::strlen(com_open);
data/liborcus-0.16.1/src/parser/css_parser_base.cpp:187:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t com_close_len = std::strlen(com_close);
data/liborcus-0.16.1/src/parser/css_parser_test.cpp:15:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(test_code);
data/liborcus-0.16.1/src/parser/csv_parser_test.cpp:15:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(test_code);
data/liborcus-0.16.1/src/parser/json_parser_test.cpp:15:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(test_code);
data/liborcus-0.16.1/src/parser/parser_global_test.cpp:45:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        volatile double val = orcus::parse_numeric(str, std::strlen(test_data.str));
data/liborcus-0.16.1/src/parser/pstring.cpp:37:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m_size(_pos ? std::strlen(_pos) : 0)
data/liborcus-0.16.1/src/parser/pstring.cpp:77:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = std::strlen(_str);
data/liborcus-0.16.1/src/parser/sax_ns_parser_test.cpp:14:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(test_code);
data/liborcus-0.16.1/src/parser/sax_parser_test.cpp:16:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(test_code);
data/liborcus-0.16.1/src/parser/sax_parser_test.cpp:71:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        orcus::sax_parser<_handler> parser(content, strlen(content), hdl.transient_stream, hdl);
data/liborcus-0.16.1/src/parser/sax_parser_test.cpp:78:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        orcus::sax_parser<_handler> parser(content, strlen(content), hdl.transient_stream, hdl);
data/liborcus-0.16.1/src/parser/sax_parser_test.cpp:93:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    orcus::sax_parser<_handler> parser(content, strlen(content), hdl);
data/liborcus-0.16.1/src/parser/sax_parser_test.cpp:114:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    orcus::sax_parser<_handler> parser(content, strlen(content), hdl);
data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp:22:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(test_code);
data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp:36:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t content_size = strlen(content);
data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp:166:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sax_token_parser<handler> parser1(content1, strlen(content1), token_map, ns_cxt, hdl);
data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp:169:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sax_token_parser<handler> parser2(content2, strlen(content2), token_map, ns_cxt, hdl);
data/liborcus-0.16.1/src/parser/sax_token_parser_test.cpp:172:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sax_token_parser<handler> parser3(content3, strlen(content3), token_map, ns_cxt, hdl);
data/liborcus-0.16.1/src/parser/string_pool.cpp:53:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return intern(str, strlen(str));
data/liborcus-0.16.1/src/parser/threaded_json_parser_test.cpp:95:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    threaded_json_parser<handler> parser(src, std::strlen(src), hdl, 5, 5);
data/liborcus-0.16.1/src/parser/threaded_json_parser_test.cpp:169:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            threaded_json_parser<handler> parser(src, std::strlen(src), hdl, 1);
data/liborcus-0.16.1/src/parser/threaded_sax_token_parser_test.cpp:56:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t content_size = strlen(content);
data/liborcus-0.16.1/src/parser/threaded_sax_token_parser_test.cpp:117:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t content_size = strlen(content);
data/liborcus-0.16.1/src/parser/threaded_sax_token_parser_test.cpp:151:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t content_size = strlen(content);
data/liborcus-0.16.1/src/parser/yaml_parser_test.cpp:20:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t n = strlen(test_code);
data/liborcus-0.16.1/src/parser/zip_archive.cpp:134:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        m_stream->read(&buf[0], n);
data/liborcus-0.16.1/src/parser/zip_archive.cpp:165:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        m_stream->read(&buf[0], 4);
data/liborcus-0.16.1/src/parser/zip_archive.cpp:180:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        m_stream->read(&buf[0], 2);
data/liborcus-0.16.1/src/parser/zip_archive.cpp:470:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    m_stream->read(&raw_buf[0], param.size_compressed);
data/liborcus-0.16.1/src/parser/zip_archive.cpp:524:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        m_stream->read(&buf[0], buf.size());
data/liborcus-0.16.1/src/parser/zip_archive_stream.cpp:56:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void zip_archive_stream_fd::read(unsigned char* buffer, size_t length) const
data/liborcus-0.16.1/src/parser/zip_archive_stream.cpp:100:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void zip_archive_stream_blob::read(unsigned char* buffer, size_t length) const
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:36:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    strm->read(buf, 2);
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:37:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    assert(equal(data, data + 2, buf));
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:39:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    strm->read(buf, length);
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:40:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    assert(equal(data, data + length, buf));
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:41:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ASSERT_THROW(strm->read(buf, length + 1));
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:42:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    strm->read(buf, 0);
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:46:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    strm->read(buf, 2);
data/liborcus-0.16.1/src/parser/zip_archive_test.cpp:47:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    assert(equal(data + 2, data + 4, buf));
data/liborcus-0.16.1/src/python/document.cpp:253:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t n = strlen(error_policy_s);
data/liborcus-0.16.1/src/python/json.cpp:245:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    orcus::json_parser<json_parser_handler> parser(stream, strlen(stream), hdl);
data/liborcus-0.16.1/src/spreadsheet/factory_sheet.cpp:180:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t n_error = strlen(p_error);
data/liborcus-0.16.1/src/spreadsheet/factory_sheet.cpp:310:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t n_error = strlen(p_error);

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 76706 in approximately 2.43 seconds (31593 lines/second)
Physical Source Lines of Code (SLOC) = 55600
Hits@level = [0]  15 [1]  64 [2]  29 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+] 108 [1+]  93 [2+]  29 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 1.94245 [1+] 1.67266 [2+] 0.521583 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.